
SPAN port shows up and down.

mahesh18
Level 6

Hi all,

We have a sniffer hooked to the switch and it shows

GigabitEthernet1/0/12 is up, line protocol is down (monitoring)

sh monitor    detail
Session 1
---------
Type                   : Local Session
Description            : -
Source Ports           :
    RX Only            : None
    TX Only            : None
    Both               : None
Source VLANs           :
    RX Only            : None
    TX Only            : None
    Both               : 100-101
Source RSPAN VLAN      : None
Destination Ports      : Gi1/0/12
    Encapsulation      : Native
          Ingress      : Disabled
Filter VLANs           : None
Dest RSPAN VLAN        : None
IP Access-group        : None
MAC Access-group       : None
IPv6 Access-group      : None

Can someone explain to me why the port shows up and down?

Thanks

mahesh


manish arora
Level 6

Characteristics of Destination Port

Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports and VLANs.

A destination port has these characteristics:

  • A destination port must reside on the same switch as the source port (for a local SPAN session).

  • A destination port can be any Ethernet physical port.

  • A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session.

  • A destination port cannot be a source port.

  • A destination port cannot be an EtherChannel group.

    Note: From Cisco IOS Software Release 12.2(33)SXH and later, PortChannel interface can be a destination port. Destination EtherChannels do not support the Port Aggregation Control Protocol (PAgP) or Link Aggregation Control Protocol (LACP) EtherChannel protocols; only the on mode is supported, with all EtherChannel protocol support disabled.

    Note: Refer to Local SPAN, RSPAN, and ERSPAN Destinations for more information.

  • A destination port can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group has been specified as a SPAN source. The port is removed from the group while it is configured as a SPAN destination port.

  • The port does not transmit any traffic except that traffic required for the SPAN session unless learning is enabled. If learning is enabled, the port also transmits traffic directed to hosts that have been learned on the destination port.

    Note: This learning feature is not available on EtherSwitch service and network modules.

  • The state of the destination port is up/down by design. The interface shows the port in this state in order to make it evident that the port is currently not usable as a production port.

  • If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.

  • A destination port does not participate in spanning tree while the SPAN session is active.

  • When it is a destination port, it does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).

  • A destination port that belongs to a source VLAN of any SPAN session is excluded from the source list and is not monitored.

  • A destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.

Manish

Dear Manish,

Can a SPAN destination port be monitored for SNMP link status?

Regards,

Godwin. S

Gurpreet Kochar
Level 1

It is normal to show the port as up/down monitoring, as long as it is functioning properly. Sometimes when you configure a monitor (SPAN) session, the destination interface shows the down status (monitoring) by design.

The port state is shown in this state to make it evident that the port is currently unusable as a production port. The SPAN session's destination port will always show up as up/down due to the fact that it does not take ingress traffic.

Characteristics of Destination Port

http://www.cisco.com/en/US/customer/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#charac_dest

Hi Gurpreet,

Thanks for the reply.

If you can explain this to me in detail, please:

The SPAN session's destination port will always show up as up/down due to the fact that it does not take ingress traffic.

mahesh

Hi Mahesh,

What Gurpreet meant with that line was (I hope I am correct):

The SPAN destination port by default will not accept data that is headed for that network sniffer itself, so in other words you will get data that has been copied from the source ports but not the traffic that was destined for the device connected to the destination port. But if you want to enable that destination port to accept connections for the device, you can do it.

Just check that same link that Gurpreet gave and check at the very bottom.

Network Analyzer/Security Device Connected to SPAN Destination Port is Not Reachable

Thanks

Manish

This essentially means that the MAC address is not learnt on the interface which is down as monitoring and therefore no traffic is destined for that interface.

However, the traffic which you are mirroring from the source SPAN port would still be captured over to this interface.

Suppose you have a PC with IP address 192.168.10.10 set up as the SPAN destination port.

Before configuring the interface as a SPAN port, you would be able to ping the device, but after the interface is configured as a SPAN destination, you would not be able to ping the device...

All external communications to the device are blocked.

However, if you are using a 6500, you can overcome this limitation by using the learning keyword at the end of the command.

Enter the ingress keyword to configure destinations to receive traffic from attached devices.

Enter the learning keyword to enable MAC address learning from the destinations, which allows the switch to transmit traffic that is addressed to devices attached to the destinations.

CSE

Lan switching
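
The by-design state discussed in this thread, as an added example that is not part of any poster's reply: a Python check that reads the `show monitor detail` output and interface status line from the original post, separates the expected "up/down (monitoring)" state of a SPAN destination from a real link fault, and reports from the Ingress field whether the attached sensor can send traffic into the switch. The function names, verdict strings and the two-letter interface abbreviation are assumptions of this example.

```python
import re

# Constructed sample: the two outputs posted at the top of this thread, trimmed.
SHOW_INTERFACE = "GigabitEthernet1/0/12 is up, line protocol is down (monitoring)"
SHOW_MONITOR_DETAIL = """\
Session 1
---------
Type                   : Local Session
Source VLANs           :
    Both               : 100-101
Destination Ports      : Gi1/0/12
    Encapsulation      : Native
          Ingress      : Disabled
"""

def parse_monitor_sessions(text):
    """Map session id -> {'dest': [ports], 'ingress': bool} from 'show monitor detail'."""
    sessions, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Session\s+(\d+)", line)
        if header:
            current = sessions.setdefault(int(header.group(1)), {"dest": [], "ingress": False})
        elif current is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "Destination Ports" and value not in ("", "None"):
                current["dest"] = [p.strip() for p in value.split(",")]
            elif key == "Ingress":
                current["ingress"] = value.lower().startswith("enabled")
    return sessions

def short_name(ifname):
    """'GigabitEthernet1/0/12' -> 'Gi1/0/12' (two-letter prefix; a simplification)."""
    m = re.fullmatch(r"([A-Za-z]+)([\d/]+)", ifname)
    return m.group(1)[:2] + m.group(2) if m else ifname

def classify(status_line, sessions):
    """Return (verdict, ingress_enabled) for one interface status line."""
    m = re.match(r"(\S+) is (.+?), line protocol is (\w+)(?: \((\w+)\))?", status_line)
    if not m:
        return ("unparsed", None)
    name, link, proto, note = m.groups()
    for session in sessions.values():
        if short_name(name) in session["dest"]:
            healthy = (link, proto, note) == ("up", "down", "monitoring")
            return ("span-dest-expected" if healthy else "span-dest-fault", session["ingress"])
    # Not a SPAN destination: up/down here is a real problem, not the by-design state.
    return ("production-port-ok" if (link, proto) == ("up", "up") else "production-port-fault", None)

if __name__ == "__main__":
    print(classify(SHOW_INTERFACE, parse_monitor_sessions(SHOW_MONITOR_DETAIL)))
```
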

Hi Gurpreet,

Many thanks for the great explanation.

Regards

mahesh
